Integrated-circuit cards, also known as smartcards, are generally believed to offer more tamper resistance than conventional computer systems, and are thus frequently used for authentication and security functions within large computer systems. As an example, consider the use of a smartcard as the Subscriber Identification Module (SIM) within the GSM mobile-telephony system. Here, the mobile handset, also called the mobile equipment or ME, is not normally considered a trusted device, and a trusted smartcard is used to securely store and process subscriber information and authentication functions. When a call is placed, the mobile network authenticates the mobile user by exercising the authentication functions contained in the trusted smartcard.
Handheld phones are currently being extended to allow user programs to be executed on the phone for value-add applications such as banking and payment. Access to the smartcard of the handheld phone is provided for the security functions that a value-add application requires, such as the initial authentication for a financial transaction originating from the handset. While it is possible to have the smartcard perform all critical security functions, this is unlikely since the smartcard has limited processing and storage capacity. It is thus anticipated that security functions for complex applications like banking will not be executed solely on the smartcard, and that at least partial trust must be delegated to the handheld phone. Apart from issues of processing and storage, the smartcard must implicitly trust the handheld phone to provide a reliable communication channel to and from the smartcard.
Hence, it is anticipated that portions of complex applications will be executed on the handheld phone. Since the handheld phone also conveys all communications between the smartcard, the user, and the back-end server, a malicious handheld phone could conceivably alter the contents of the data packets sent between the three parties. Relying on the trusted smartcard to sign or authenticate messages does not alleviate this threat, since the smartcard cannot verify that a message presented to it by the handheld phone for signature or authentication is in fact the message that the handheld phone presented to the user.
It is therefore necessary for applications that demand high levels of security and secrecy to extend the sphere of trust to include the handheld phone itself. Conventionally, this is achieved through two primary means: tamper-resistant hardware, and ensuring that such tamper-resistant devices are actually being used, either through policy or by authentication from the back-end server.
U.S. Pat. No. 5,371,794 discloses a method and apparatus for privacy and authentication in wireless networks. The method and apparatus provide a secure wireless communication link between a mobile nomadic device and a base computing unit. The mobile sends a host certificate (Cert_Mobile) to the base along with a randomly chosen challenge value (CH1) and a list of supported shared key algorithms (“SKCS”). The base determines whether Cert_Mobile is valid. If Cert_Mobile is not valid, the base unit rejects the connection attempt. The base then sends Cert_Base, a random number (RN1) encrypted under the mobile's public key, and an identifier for the chosen SKCS to the mobile. The base saves the RN1 value and adds the CH1 value and the chosen SKCS to messages sent to the base. The mobile unit then validates Cert_Base and, if the certificate is valid, verifies the signature on the message under the public key of the base (Pub_Base). The signature is verified by taking the base message and appending to it CH1 and the list of shared key algorithms that the mobile provided in the first message. If the base signature is not valid, the communication attempt is aborted. If the base signature is valid, the mobile determines the value of RN1 by decrypting E(Pub_Mobile, RN1) under the private key of the mobile. The mobile then generates RN2 and the session key, and encrypts RN2 under Pub_Base. The mobile sends the encrypted RN2 and E(Pub_Mobile, RN1) to the base. The base then verifies the mobile signature using the Pub_Mobile obtained from Cert_Mobile. If the mobile signature is verified, the base decrypts E(Pub_Base, RN2) using its private key. The base then determines the session key. The mobile and base may then enter a data transfer phase using encrypted data, which is decrypted using the session key RN1⊕RN2.
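The four-message exchange described above, simulated end to end as an added example; this is not code from the patent. Toy textbook RSA over known Mersenne primes stands in for the public-key cipher, the certifier key CA, the tuple certificate layout and the tamper_base_sig switch are assumptions, and the point is the message flow, the abort paths and the RN1⊕RN2 session key, not real-world key strength.

```python
import hashlib, secrets

E = 65537
def keypair(p, q):  # toy RSA key (n, e, d); p and q are assumed prime
    n, phi = p * q, (p - 1) * (q - 1)
    return n, E, pow(E, -1, phi)
def H(*parts):  # message hash as an integer; callers reduce it into the modulus
    return int.from_bytes(hashlib.sha256(repr(parts).encode()).digest(), "big")
def sign(key, *parts): return pow(H(*parts) % key[0], key[2], key[0])
def verify(n, e, sig, *parts): return pow(sig, e, n) == H(*parts) % n
def enc(n, e, m): return pow(m, e, n)
def dec(key, c): return pow(c, key[2], key[0])

CA = keypair(2**127 - 1, 2**521 - 1)  # assumed certifier key that signs both certificates
def issue_cert(name, key):  # Cert = (name, n, e, CA signature over those three fields)
    return (name, key[0], key[1], sign(CA, name, key[0], key[1]))
def cert_valid(cert): return verify(CA[0], CA[1], cert[3], *cert[:3])
MOBILE, BASE = keypair(2**31 - 1, 2**61 - 1), keypair(2**89 - 1, 2**107 - 1)
CERT_MOBILE, CERT_BASE = issue_cert("mobile", MOBILE), issue_cert("base", BASE)

def run_exchange(skcs=("AES", "3DES"), tamper_base_sig=False):
    # 1. Mobile -> Base: Cert_Mobile, random challenge CH1, supported SKCS list
    ch1 = secrets.randbits(64)
    # 2. Base checks Cert_Mobile, then sends Cert_Base, E(Pub_Mobile, RN1) and the
    #    chosen SKCS, signed together with CH1 and the SKCS list from message 1
    if not cert_valid(CERT_MOBILE):
        raise ValueError("base: Cert_Mobile invalid, connection rejected")
    rn1, chosen = secrets.randbits(64), skcs[0]
    enc_rn1 = enc(CERT_MOBILE[1], CERT_MOBILE[2], rn1)
    base_sig = sign(BASE, CERT_BASE, enc_rn1, chosen, ch1, skcs)
    if tamper_base_sig:
        base_sig ^= 1  # constructed fault: the signed message is altered in transit
    # 3. Mobile checks Cert_Base and the base signature, recovers RN1, picks RN2,
    #    and returns E(Pub_Base, RN2) with E(Pub_Mobile, RN1), signed under Priv_Mobile
    base_ok = cert_valid(CERT_BASE) and verify(CERT_BASE[1], CERT_BASE[2], base_sig,
                                               CERT_BASE, enc_rn1, chosen, ch1, skcs)
    if not base_ok:
        raise ValueError("mobile: base signature invalid, exchange aborted")
    rn2 = secrets.randbits(64)
    enc_rn2 = enc(CERT_BASE[1], CERT_BASE[2], rn2)
    mobile_sig = sign(MOBILE, enc_rn2, enc_rn1)
    mobile_key = dec(MOBILE, enc_rn1) ^ rn2  # session key = RN1 xor RN2
    # 4. Base verifies the mobile signature with Pub_Mobile from Cert_Mobile, recovers RN2
    if not verify(CERT_MOBILE[1], CERT_MOBILE[2], mobile_sig, enc_rn2, enc_rn1):
        raise ValueError("base: mobile signature invalid, exchange aborted")
    return mobile_key, rn1 ^ dec(BASE, enc_rn2)

def aborts(**kw):  # True when the exchange rejects or aborts (exercises the failure paths)
    try: run_exchange(**kw); return False
    except ValueError: return True
```

Both sides end with the same RN1⊕RN2 key only when every certificate and signature check passes; flipping one bit of the base signature makes the mobile abort at step 3.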
The European patent application 0 589 022 A1 discloses a public key cryptographic system with enhanced digital signature certification which authenticates the identity of the public key holder. A hierarchy of nested certifications and signatures is employed which indicates the authority and responsibility levels of the individual whose signature is being certified. In constructing a certificate, the certifier generates a special message that includes fields identifying the public key which is being certified and the name of the certifee. The certificate is constructed by the certifier to define the authority which is being granted, which may relate to a wide range of authorizations, delegation responsibilities or restrictions given to, or placed on, the certifee.
Designing special tamper-resistant hardware may involve ruggedized designs with circuitry that erases security-sensitive information such as cryptographic parameters and aborts pending transactions if the device is physically tampered with, such as when the case is opened or the power is cut, or hardwired circuits that have no software-controlled components on the paths between the trusted smartcard and the required input/output devices.
Unfortunately, mobile equipment such as mobile handsets is not currently designed to be tamperproof, and adding full tamper resistance is not realistic for commodity-style handsets due to the expected cost of doing so.